shithub: riscv

--- /dev/null

+++ b/sys/lib/python/factotum.py

@@ -1,0 +1,57 @@

+'''factotum for py'''

+import subprocess

+class FactotumError(Exception):

+	pass

+class PhaseError(Exception):

+	pass

+class NeedkeyError(Exception):

+	pass

+class Factotum:

+	def start(self, **args):

+		self.f = open('/mnt/factotum/rpc', 'r+', 0)

+		msg = 'start'

+		for k, v in args.iteritems():

+			msg += ' ' + k + '=\'' + v + '\''

+		self.f.write(msg)

+		ret = self.f.read(4096)

+		if ret == "ok": return

+		if ret[:5] == "error": raise FactotumError(ret[6:])

+		raise FactotumError("unexpected " + ret)

+	def needkey(self, string):

+		subprocess.call(['/bin/auth/factotum', '-g', string])

+	def read(self):

+		while True:

+			self.f.write('read')

+			ret = self.f.read(4096)

+			if ret[:7] != "needkey": break

+			self.needkey(ret[8:])

+		if ret == "ok": return ""

+		if ret[:3] == "ok ": return ret[3:]

+		if ret[:5] == "error": raise FactotumError(ret[6:])

+		if ret[:5] == "phase": raise PhaseError(ret[6:])

+		raise FactotumError("unexpected " + ret)

+	def write(self, data):

+		while True:

+			self.f.write('write ' + data)

+			ret = self.f.read(4096)

+			if ret[:7] != "needkey": break

+			self.needkey(ret[8:])

+		if ret == "ok": return 0

+		if ret[:3] == "toosmall ": return int(ret[4:])

+		if ret[:5] == "error": raise FactotumError(ret[6:])

+		if ret[:5] == "phase": raise PhaseError(ret[6:])

+		raise FactotumError("unexpected " + ret)

+	def close(self):

+		self.f.close()

+	def delkey(self, **args):

+		f = open('/mnt/factotum/ctl', 'w', 0)

+		msg = 'delkey'

+		for k, v in args.iteritems():

+			msg += ' ' + k + '=\'' + v + '\''

+		f.write(msg)

+		f.close()

--- /dev/null

+++ b/sys/lib/python/hgext/hgfactotum.py

@@ -1,0 +1,37 @@

+''' factotum support '''

+import mercurial.url

+import urllib2

+import factotum

+class factotumdigest(urllib2.BaseHandler):

+	auth_header = 'Authorization'

+	handler_order = 490

+	def __init__(self, passmgr=None):

+		self.f = factotum.Factotum()

+		self.retried = 0

+	def http_error_401(self, req, fp, code, msg, headers):

+		self.retried += 1

+		host = urllib2.urlparse.urlparse(req.get_full_url())[1]

+		authreq = headers.get('www-authenticate', None)

+		if authreq == None: return None

+		authreq = authreq.split(' ', 1)

+		if authreq[0].lower() != 'digest': return None

+		chal = urllib2.parse_keqv_list(urllib2.parse_http_list(authreq[1]))

+		realm = chal['realm']

+		nonce = chal['nonce']

+		if self.retried >= 6:

+			self.f.delkey(proto="httpdigest", realm=realm)

+		self.f.start(proto="httpdigest", role="client", realm=realm)

+		self.f.write(nonce + ' ' + req.get_method() + ' ' + req.get_selector())

+		resp = self.f.read()

+		self.f.close()

+		val = 'Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s", algorithm=MD5' % ("aiju", realm, nonce, req.get_selector(), resp)

+		if req.headers.get('Authorization', None) == val: return None

+		req.add_unredirected_header('Authorization', val)

+		result = self.parent.open(req)

+		self.retried = 0

+		return result

+mercurial.url.httpdigestauthhandler = factotumdigest